本文實例講述了C++實現修改函數代碼HOOK的封裝方法,分享給大家供大家參考。具體實現方法如下:
一、對外的接口如下:
1. 類初始化時對函數HOOK
2. 取消掛鉤:
void UnHook();
3. 重新掛鉤:
void ReHook();
在初始化時HOOK的代碼:
復制代碼代碼如下:
*(DWORD*)(m_btNewBytes+1) = (DWORD)pfnHook;
8個字節的代碼地址 0xB8, 0x00, 0x00,0x40,0x00,0xFF,0xE0,0x00 只要把第二位和第三位的數據改成函數的地址,調用原先的函數時就會調到自定義的函數執行.
二、實現方法:
.h頭文件如下:
復制代碼代碼如下:
#ifndef _ULHOOK_H__
#define _ULHOOK_H__
#include <Windows.h>
#pragma once
class CULHook
{
public:
CULHook(LPSTR lpszModName, LPSTR lpszFuncNme, PROC pfnHook);
~CULHook(void);
//取消掛鉤
void UnHook();
//重新掛鉤
void ReHook();
protected:
PROC m_pfnOrig;
BYTE m_btNewBytes[8];
BYTE m_btOldBytes[8];
HMODULE m_hModule;
};
#endif
#define _ULHOOK_H__
#include <Windows.h>
#pragma once
class CULHook
{
public:
CULHook(LPSTR lpszModName, LPSTR lpszFuncNme, PROC pfnHook);
~CULHook(void);
//取消掛鉤
void UnHook();
//重新掛鉤
void ReHook();
protected:
PROC m_pfnOrig;
BYTE m_btNewBytes[8];
BYTE m_btOldBytes[8];
HMODULE m_hModule;
};
#endif
.cpp源文件如下:
復制代碼代碼如下:
#include "ULHook.h"
CULHook::CULHook(LPSTR lpszModName, LPSTR lpszFuncNme, PROC pfnHook)
{
BYTE btNewBytes[] = {0xB8, 0x00, 0x00,0x40,0x00,0xFF,0xE0,0x00};
memcpy(m_btNewBytes, btNewBytes, 8);
*(DWORD*)(m_btNewBytes+1) = (DWORD)pfnHook;
m_hModule = ::LoadLibraryA(lpszModName);
if (NULL == m_hModule)
{
m_pfnOrig = NULL;
return;
}
m_pfnOrig = (PROC)::GetProcAddress(m_hModule, lpszFuncNme);
if (NULL != m_pfnOrig)
{
MEMORY_BASIC_INFORMATION mbi = {0};
DWORD dwOldProtect;
::VirtualQuery(m_pfnOrig, &mbi, sizeof(mbi));
::VirtualProtect(m_pfnOrig, 8, PAGE_READWRITE, &dwOldProtect);
memcpy(m_btOldBytes, m_pfnOrig, 8);
::WriteProcessMemory(GetCurrentProcess(), (VOID*)m_pfnOrig, m_btNewBytes, 8, NULL);
::VirtualProtect(m_pfnOrig, 8, dwOldProtect, NULL);
}
}
CULHook::~CULHook(void)
{
UnHook();
if (m_hModule!=NULL)
{
::FreeLibrary(m_hModule);
}
}
void CULHook::UnHook()
{
if (m_pfnOrig != NULL)
{
MEMORY_BASIC_INFORMATION mbi = {0};
DWORD dwOldProtect;
::VirtualQuery(m_pfnOrig, &mbi, sizeof(mbi));
::VirtualProtect(m_pfnOrig, 8, PAGE_READWRITE, &dwOldProtect);
::WriteProcessMemory(GetCurrentProcess(), (VOID*)m_pfnOrig, m_btOldBytes, 8, NULL);
::VirtualProtect(m_pfnOrig, 8, dwOldProtect, NULL);
}
}
void CULHook::ReHook()
{
if (m_pfnOrig != NULL)
{
MEMORY_BASIC_INFORMATION mbi = {0};
DWORD dwOldProtect;
::VirtualQuery(m_pfnOrig, &mbi, sizeof(mbi));
::VirtualProtect(m_pfnOrig, 8, PAGE_READWRITE, &dwOldProtect);
::WriteProcessMemory(GetCurrentProcess(), (VOID*)m_pfnOrig, m_btNewBytes, 8, NULL);
::VirtualProtect(m_pfnOrig, 8, dwOldProtect, NULL);
}
}
CULHook::CULHook(LPSTR lpszModName, LPSTR lpszFuncNme, PROC pfnHook)
{
BYTE btNewBytes[] = {0xB8, 0x00, 0x00,0x40,0x00,0xFF,0xE0,0x00};
memcpy(m_btNewBytes, btNewBytes, 8);
*(DWORD*)(m_btNewBytes+1) = (DWORD)pfnHook;
m_hModule = ::LoadLibraryA(lpszModName);
if (NULL == m_hModule)
{
m_pfnOrig = NULL;
return;
}
m_pfnOrig = (PROC)::GetProcAddress(m_hModule, lpszFuncNme);
if (NULL != m_pfnOrig)
{
MEMORY_BASIC_INFORMATION mbi = {0};
DWORD dwOldProtect;
::VirtualQuery(m_pfnOrig, &mbi, sizeof(mbi));
::VirtualProtect(m_pfnOrig, 8, PAGE_READWRITE, &dwOldProtect);
memcpy(m_btOldBytes, m_pfnOrig, 8);
::WriteProcessMemory(GetCurrentProcess(), (VOID*)m_pfnOrig, m_btNewBytes, 8, NULL);
::VirtualProtect(m_pfnOrig, 8, dwOldProtect, NULL);
}
}
CULHook::~CULHook(void)
{
UnHook();
if (m_hModule!=NULL)
{
::FreeLibrary(m_hModule);
}
}
void CULHook::UnHook()
{
if (m_pfnOrig != NULL)
{
MEMORY_BASIC_INFORMATION mbi = {0};
DWORD dwOldProtect;
::VirtualQuery(m_pfnOrig, &mbi, sizeof(mbi));
::VirtualProtect(m_pfnOrig, 8, PAGE_READWRITE, &dwOldProtect);
::WriteProcessMemory(GetCurrentProcess(), (VOID*)m_pfnOrig, m_btOldBytes, 8, NULL);
::VirtualProtect(m_pfnOrig, 8, dwOldProtect, NULL);
}
}
void CULHook::ReHook()
{
if (m_pfnOrig != NULL)
{
MEMORY_BASIC_INFORMATION mbi = {0};
DWORD dwOldProtect;
::VirtualQuery(m_pfnOrig, &mbi, sizeof(mbi));
::VirtualProtect(m_pfnOrig, 8, PAGE_READWRITE, &dwOldProtect);
::WriteProcessMemory(GetCurrentProcess(), (VOID*)m_pfnOrig, m_btNewBytes, 8, NULL);
::VirtualProtect(m_pfnOrig, 8, dwOldProtect, NULL);
}
}
希望本文所述對大家的C++程序設計有所幫助。
